
Posts tagged: bad

Sun Java Error: 25099 Unzipping Core Files Failed – Fix discovered

By , October 30, 2009 15:24

If you’ve attempted to upgrade your Java from Sun and encountered this error, you were probably left scratching your head. The link to Sun’s Help Resources has no effective solution at the time of writing this; it simply states:

The actual root cause of this issue is still under investigation…

Isn’t that helpful… I have discovered a solution; hopefully it will work for you.

Continue reading 'Sun Java Error: 25099 Unzipping Core Files Failed – Fix discovered'»

Editorial: Understanding why Malware infects your PC

By , February 19, 2009 14:54

I saw this comment today on a malware site and I normally read them to see how folks troll malware sites looking for blame.
Folks, malware is your problem, not anyone else’s. I am constantly reminded how people fail to understand that it’s their actions and choices that cause the infections, and today social engineering is a big reason.
Even malware experts are not immune from falling victim to their tricks. It’s been like this for years and, outside of the increase in targeted attacks, it’s still the #1 reason.

Continue reading 'Editorial: Understanding why Malware infects your PC'»

Viewsonic VX922 are defective monitors

By , December 11, 2008 14:37

It seems that Viewsonic has had a lot of problems with its manufacturing over the course of the last several years. The reviews from 2005/2006 indicate that Viewsonic was a premier supplier of flat panel displays.

Since it is well known that most of the actual displays are purchased from the few suppliers of such beasts, Viewsonic is responsible for building the hardware around the display.

Back in 2006 (you could see our article here) we bought two VX922 monitors and they worked fine until Spring of 2008. At that time we started experiencing problems with the monitor staying synced and displaying a picture, at least that’s how it seemed.

At that time we started seeing one of our monitors (the one used the most) would simply black out, the green power light would go out, then the green light would come back on, the display would flicker and then both would go black again. It would simply keep cycling this process over and over.

I found that PLAYING with the power button would get the display to stabilize, sometimes smacking the monitor would get it to work. When I discovered this, I realized it was a manufacturing defect.

By the end of September I grew tired of the problem and decided to get it fixed. I contacted Viewsonic support at 1-888-688-6688, and reported the problem. I had troubleshot it and confirmed it was the monitor. Having two monitors and two identical video cards and multiple PCs made this work fairly straightforward. I was able to get everything to work except the monitor.

When I contacted Viewsonic on September 25th, they stated they would go ahead and REPLACE the unit. I would have to ship it to their repair depot (3rd party service company, Pro something solutions…) in Edmonton and they would advance a unit the same day.

First of all, they said they would same day replace the unit, and the Viewsonic representative confirmed this company had a unit in stock. They did not. The unit I shipped arrived September 26th, and they did not ship until the 3rd of October, so this was a blatant falsehood or an outright lie. If they gave proper instructions to the repair depot which is highly questionable at this point, the depot did not follow them. They also did not ship a replacement as promised. Regardless I did not really care, as long as I got a working monitor in return.


Well I called on October 3rd to see what was going on and found out it shipped that day. I received my package on the 10th of October via CanPar. I was actually shocked to see this package, it was the EXACT SAME box I shipped on the 25th, very badly mangled and the bottom of the box was falling out. The driver even made a point in laughing about the packaging job. It turns out, they decided to FIX my monitor instead of replacing it, and then shipped it back on the day expected. This was NOT a replacement, nor SAME DAY service that VIEWSONIC told me I could expect.

We have a saying in customer service…under promise, over deliver. These guys WAY over promised and then did not bother nor CARE about the issue when I contacted them back about this.

When I opened the box there was light damage to the monitor, and the screen was scratched. I asked Viewsonic if a damage claim was made, and no such thing was done. I was shocked that a repair depot would be so careless and reckless sending fragile goods anywhere.

At this stage they decided to agree to advance replace the unit, but I had to send purchase details to them. Ok, so I did. I got two rejections that took until the 20th to clear up. On the 15th of October my second monitor started to fail. So now I call about this one. I asked VIEWSONIC to add this to the existing RMA, but they refused and instead decided to create a new one. Later I was told that this was the wrong procedure. Since I was dealing with two I had to make sure they had both in the system for processing. This took amazingly long for something that is fill a document and fax it back. They lost parts of the fax. Somehow they received page 1 but never received page 2. They blamed me for fax transmission problems, when I later discovered that faxes are emailed to the appropriate department, and they process them via email. Since they had page 1 but not 2 or 3 I could not understand how they messed this up, until I found out that they attach the faxes as TIF images, and multiple pages become a multiple part TIF. So the operator was careless and discarded it after reading the first page. Quite obvious now. Any apologies for this? No. So I again spend countless hours on the phone discussing this and faxing again, and confirming again.

So, after finalizing the details for the second I now have confirmations for the replacements and they are sent out. Within a few days I get the first one, the second one comes after about 4 days. Yes one was expedited, the other was ground. Wow, lovely. At any point we setup the replacements they work fine, seem to be ok, then we ship the old units back at the end of the week.

I was quite surprised to find two separate units, each a different shade of black and missing plugs for the back mounts. No big deal, I pilfered those from the originals and sent them back missing. But looking at two monitors side by side that were identical and now are not is a little bothersome. I certainly will keep them.

So by Nov 11th we finally had everything squared away. I have replacements and they have the originals. At this point I was hoping to never have to deal with Viewsonic again after this.

Well, I was actually quite disappointed this morning: while I was working I caught some flashing in the corner of my eye, and lo and behold, monitor #1 has started its flickering again.

First call to Viewsonic, and I am not happy. I just got standard policy and careless responses to my questions. She stated they would only do a repair due to the age of purchase. I told her that was obviously wrong since I just had these items replaced by advance replacement not a month ago, so the age isn’t a factor. I called this whole process incompetent and was left on ignore hold. I gave up after 15 minutes and called back.

Now, the monitor I had FIXED worked, but was damaged, the second monitor failed during the course of dealing with the first issue. If the first rep had said they would fix it and return it, I would have been ok with it THEN. If the repair depot had a good understanding of HOW TO PACKAGE GOODS FOR SHIPMENT, then I would not have had many issues and I would have been a happy client.

Instead, I had a new order (replacing 3 CRTs with LCDs) with my supplier, and had ordered the Viewsonics, since they were the best for the buck. After Oct 20th, I canceled the order and changed it to some really nice Samsungs (sorry, I do not have the models handy). I have had excellent service dealing with the local Samsung rep; the Viewsonic one never bothered to return my call back in 2004 when I was seeking vendors. I simply saw that two of the EXACT same monitors having the EXACT same problem could be a model or manufacturing defect. If it’s the latter then any Viewsonic monitor could fail at some point. I was not taking this chance.

So we called back, and now no amount of button pushing could get us to the English queue. Every button routed us to the Spanish-speaking operators. Finally someone spoke English, and transferred me to the English queue. This time I went back to RMA instead of tech support. I spoke to a lady who called herself Zorley (I hope I spelt that right), who was very attentive and listened and took notes about my issues. I am now awaiting a call back from a supervisor who will advise me what they want to do. I explained that this is an obvious issue and that Viewsonic must be aware of it, but there is no disclosure of the failure rate of these monitors. I would NOT buy a used one!!! You’re buying a lemon if you do.

What DO YOU think Viewsonic should do in this case? I welcome your feedback on this concern.

Is my concern just me or a bigger problem?

Well here is a link to google with the search criteria I submitted to see if others have had this same problem. Search tags are: VIEWSONIC VX922 PROBLEM:

Massive number of results, try it and see.

The top five posts from that I included here:

http://www.fixya.com/support/p449204-viewsonic_vx922_19_monitor

http://www.tomshardware.com/forum/247964-33-viewsonic-vx922-monitor-black-screen-green-power-light-flashes

http://www.swotti.com/monitors/viewsonic-vx922-19-lcd_14207_problems.htm

http://www.geekstogo.com/forum/Monitor-Problems-ViewSonic-VX922-t181202.html

http://forums.whirlpool.net.au/forum-replies-archive.cfm/513718.html

So you can see, many folks from all over the planet are complaining about these monitors. My assumption is this is a very large manufacturing defect and is likely to affect other models. However since the exact nature has never been disclosed by Viewsonic it will not be possible without breaking NDA to find out the real details.

But this issue has completely put me out of the market when it comes to buying Viewsonic. I hope to later track down where the units were made, and find out what that firm builds besides Viewsonics, since it’s likely going to affect many other monitors. But at this stage I can conclude the VX922 is a great gaming monitor until it fails. Then just chuck it in the garbage and buy a new monitor. (…chuck in the recycle bin…)

Should you buy another Viewsonic? I won’t be…ever, and I certainly will not recommend them to any client current or future. Since you all could be future clients I’m advising you not to. Also buy an extended warranty ONLY if it means you can avoid dealing directly with the manufacturer. I highly recommend this for any flat panel display simply due to the poor production value of these units.

Should you consider a Brother product for your Home office?

By , July 14, 2006 12:40

No. 


Why do I think so?  

Simple. When it comes to using technology a term that is used a great deal is ‘ROI’ or Return on Investment. Another term that is used is ‘TCO’ or Total Cost of Ownership. These variables account for costs associated with normal use and regularly maintaining equipment, what it costs to keep running, how much IT resources it requires, etc. Since the Brother MFC 420 is a printer, copier, scanner and fax machine all in one nice simple package, I figure it’s far too complex of a system for the folks at Brother to make work nicely all together within a reasonable ROI. I understand it’s designed for the SOHO market but when you’re a one person operation 4 hours downtime trying to scan a document can really affect your ability to get anything else done.

 


It does work, when it works and works well.

 

In fairness, once you get the software installed and setup it works fine.  But if I reboot the PC or shut off the MFC unit, then for some strange reason my PC keeps losing ability to do ONE thing (scanning typically but printing and faxing also have been affected), forcing a COMPLETE reinstall of all the software again.  Sure it tells you to be selective, but for the most part it’s either an all or nothing install (fonts and the control center can be left out but everything else MUST be installed/reinstalled or you will have issues). 

 

In the six months we have used this product we have reinstalled the software nine (9) times.  You have to research the uninstallation doc from their support web site prior to reinstalling, otherwise you will end up with duplicate drivers.  It took me three installations to determine that having 3 printers, 3 scanners, and 3 fax drivers were not appropriate, forcing a proper cleanup and reinstallation.

 

After our sixth installation (which broke when we rebuilt our LAN) we decided to rebuild the box from scratch for other reasons, but one on the list was to ensure a clean installation of all the MFC drivers, and then did our seventh install.  This was the longest lasting installation to date (3 weeks).  We then attempted our eighth install to fix the scanner which died, which did not solve the issue, then tech support sent us links to new software from Brother and performed our ninth install which so far is still working.

 

Get Tech Support on the phone, we have a problem.

 

During these phases we have had to waste even more hours sitting on hold waiting for tech support. The queues are very slow, and then when you get someone ‘they’ only want to spend 10 minutes with you, and then get you off the phone. Considering you or I can wait 30 minutes or more on hold to talk to them, I find this very disrespectful.

 

10:30 Attempted to scan from PC.  Device not found.  Prints ok.  Try to manually scan directly from the device, will not perform any action with scanning.

 

11:00 Reinstall of software (8th), still not working.

 

11:18 Called tech support in queue.

 

11:45 Tech support advises they will send me an email pointing towards the uninstallation doc and the new driver software.

 

12:30 No email received, Second Call.  Got into arguing match about receipt of email.  Very unprofessional of Brother to argue whether or not MY email works.  I built my MTA/MUA AND bind, so I know it works.  I get over 200 emails a day on my work account. 

 

1:30  After a Third Call I finally get tech support to provide me with a link to the uninstall doc.  DNS issues with ISP caused issues connecting to site, probably delivery or routing of email also, but resolved.

 

2:00 Finally received a link from tech support for the new software via email.

 

2:15 Finished removing software, noting errors and variants and other inconsistencies with the wording of the uninstallation document.

 

2:35 Rebooted and reinstalled software, confirmed all components working.

 

2:40  Finally scanned my document. 

 

Total time from start to finish:  4.17 Hours.  

 

At $90.00 per hour (which is our labor rate for administration costing calculations), this means scanning a one-page document cost our company $375.30 in labour dollars. This affected two people.

 

Factoring in the cost of using IT resources to install and uninstall, IT time at $120.00 per hour for the removal and reinstallation adds another 1.50 hours for an amount of $180.00. This affected one more additional person.

 

Total cost was $555.30 to scan one page, not including the cost of equipment or ink, paper, toner, etc. We would assume that it should take ONE person roughly 10 minutes total or 0.17 hours at $90 or a cost of $15.30. This is a difference of $540.00. Yes, our admin rates are quite high but we do pay our employees well.

 

Looking at our history over the last six months this particular product keeps overrunning our operational costs. We are certainly seeking a better solution, and will probably seek out Canon’s solutions. Granted this product is not an enterprise-class product, but given that there are at most 5 people using our network at any given moment, I think it would be fair for me to say it is not effective even in this environment. Perhaps if you only have it connected to one PC via USB, the MFC device works far better, but we did buy this on the basis we could connect via our network switch.

 

I do not understand why Brother cannot do this correctly; this isn’t their first time in this arena (multi-function products). But suffice to say, IF you never turn off the MFC unit, and IF you never reboot any of the PCs that this product has its software installed on, it works great! It’s a wonderful product once it’s working 100%. Too bad it never stays that way. Of course it also never completely breaks either.

 

What was even more disrespectful of Brother was that they didn’t ‘care’ about fixing their documentation nor in hearing my advisement on how to improve this. Well if any Brother executives read this article, please review my walkthrough below. Some of it may be petty to intelligent thinking people, but I hazard who qualifies as such, and would rather make the document dummy-proof for all people, not just the smart ones. Saves tech support calls. Maybe then you can get a decrease in calls to tech support and reduce your hold times for people with bigger problems. In my instance yesterday I had to call them THREE times, use over FOUR HOURS of time to get two WEB LINKS. How inefficient is that? I asked them to give me the links over the phone and got the excuse the ‘link is too big’. I guess they’ve never heard of tinyurl. When I mentioned using this, they said ‘we can’t do that’. This is technical support huh? Pity.

 

When we brought the product into our environment we decided to connect it to our print server.  This is really just a simple PC running XP that has all the printers connected to it.  Most requests to print get sent to a custom spooler I wrote which then allows you to come over to the machine and forward the job to the appropriate printer. 

 

The first time I decided to use a network connection as this allowed me more flexibility with the other printers I own to still allow me to receive a fax on the MFC, and print on one of the lasers without building a queue for the jobs. So I noticed it supported DHCP and decided that would be the way to go. For a while (holidays) the unit was not going to be used so we turned off the MFC. Upon powering on again, none of the software would talk to the printer. Why? Because it now had a new IP address, thanks to DHCP. I had to reinstall the software to get it working again. However, reinstalling without a ‘complete clean’ uninstall of the product’s software PRIOR to reinstallation will cause you the next issue: duplicate drivers. Yes, now the system registers FAX#2, and SCANNER#2, and PRINTER#2 since you have now installed the product twice. A third time causes serious malfunctions and instability of the machine which I believe to be due to the fact that you’re only permitted to install this software on two machines. So now we incurred additional calls from staff indicating their documents are not printing due to selecting the ‘older’ driver vs. the ‘newer’ driver.

 

Now if you have a couple hours to kill, you can call the technical support line for help.   They can provide you with a link that I have supplied here to remove the software.  

Understanding it is another issue; let me explain with a walkthrough of the document:

 

Note: this document is quoted in italic, regular text is my comment.

  1. Unplug the printer cable.

 

This term is very ambiguous. A traditional ‘printer cable’ is a parallel cable that connects a parallel port on a PC to the same port on the printer. This product HAS NO parallel port. It DOES provide a USB and Network interface for connecting the product to a PC/Network. Why doesn’t it explain:

  1. Open the MFC by lifting the cover from the right hand side, and lock the hinge in place.
  2. Once open, disconnect either the USB cable and/or Cat5 Networking cable.  Ensure there is no cable connecting the MFC to the Computer or any Networking Equipment.

 

  1. Click on START , CONTROL PANEL , ADD & REMOVE PROGRAMS , and remove the following programs: MFL Pro .


 

The actual program as listed is ‘Brother MFL Pro’. Since the add/remove software application lists all the selections alphabetically this would be important for finding the proper install file for the MFC, rather than looking for something that doesn’t actually exist [anymore | in this case | due to new setup], whatever is applicable.

 

  1. Click on START , SETTINGS and PRINTERS & FAXES and delete the Brother driver & the PC-Fax driver.


 

Well, after a fully successful removal of the software at STEP 2, I discovered that there was nothing to do here.

 

  1. In the “Printers & Faxes” window, you will click on File and Server Properties .

 

Yes.

 

  1. Click on the “Drivers” tab.

 

Yes they could have combined this step, but it’s more clear as two.

 

  1. Select the “BrotherMFC-xxxx” driver or any other Brother driver, then click REMOVE .

 

Ok.  Um, there is nothing here.  Three steps wasted.  In fairness perhaps this ‘could have been here’ so checking is preferable regardless of the result.

 

  1. From “My Computer”, click on Tools and Folder Options , and then click on View . Put a check mark on “Show hidden files and folders” and uncheck “Hide extensions for known file types” and then click on OK .


 

This has already been done, but confirmed regardless.  Another potential wasted step.  Granted many people may not have this option previously set and will require it for proper performing of the next two steps.  Again in fairness, this is a well documented step.

 

    Then double click on your C:\ drive and then delete the Brother folder and also delete the Brother folder in C:\Programs Files.

 

Done. However if you installed the MFC solution to, say, drive D: instead of C: you would find that the Brother software still installs in two locations on C: in addition to D: as directed. So in this case you would have to search for THREE folders named ‘brother’ (C:\, C:\Program Files, D:\Program Files) and remove them. Very unclear wording of this requirement.

 


  1. From the C:\ drive double click on the “Windows” folder and the “INF” folder.

 

Ok

 


  1. Search for OEM files that are related to Brother and delete those files. To see if it’s related to Brother, you double click on the first OEM files on the list (For example: OEM1.inf). If the OEM file is related to Brother then close that window and delete that file. And delete the PNF file that follows it with the same number (For example: OEM1.PNF). If the file is NOT related to Brother then don’t delete that file , just close that window and continue with the other OEM files. You have to go through all the OEM files to make sure nothing is left from the Brother software.


 

Unfortunately this is very vague. Let me give you an example.

 

I currently have 1469 objects in this particular directory.  Of these 21 meet the criteria as selected above.  I know since I wiped this hard disk and reinstalled windows XP sp2, that only TWICE have I installed this, so perhaps the setup uses many of these, or perhaps it uses a select number.  Either way I have no further information to differentiate these files from the ‘related to Brother’ ones.  So which do I delete?  INF files tend to be fairly important and I certainly don’t want to determine them all.

 

I simply ignored this step as I was not about to inspect 21 items to determine which is which. Why don’t they log this in an installation logfile, then review that to determine which OEM files to remove? Makes sense doesn’t it? Too bad Brother didn’t think so.
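One way to answer the “which do I delete?” question for the OEM files, as an added example that is not part of the original post or of Brother’s document: a read-only PowerShell listing that reads the `[Version]` section of every `oem*.inf`, resolves the `Provider` string, and reports whether the matching `.PNF` exists. The function name `Get-OemInfVendor` and its parameters are made up for this example, and it assumes PowerShell 3.0 or later.

```powershell
# Added example (not from the post or from Brother): read-only triage of the
# OEM*.INF files under %SystemRoot%\inf. It deletes nothing.
# Get-OemInfVendor and its parameters are names made up for this example.
function Get-OemInfVendor {
    param(
        [string]$InfDirectory = (Join-Path $env:SystemRoot 'inf'),
        [string]$Vendor = 'Brother'
    )

    foreach ($inf in Get-ChildItem -Path $InfDirectory -Filter 'oem*.inf') {
        $section  = ''
        $version  = @{}   # keys from the [Version] section
        $strings  = @{}   # %token% definitions from the [Strings] section
        $mentions = $false

        foreach ($line in Get-Content -Path $inf.FullName) {
            if ($line -like "*$Vendor*") { $mentions = $true }
            # Drop INF comments (a ';' inside a quoted value is also cut,
            # which is acceptable for this triage).
            $text = ($line -replace ';.*$', '').Trim()
            if ($text -match '^\[(.+)\]$') {
                $section = $Matches[1].Trim().ToLower()
                continue
            }
            if ($text -match '^([^=]+)=(.*)$') {
                $key   = $Matches[1].Trim().ToLower()
                $value = $Matches[2].Trim().Trim('"')
                if ($section -eq 'version') { $version[$key] = $value }
                elseif ($section -eq 'strings') { $strings[$key] = $value }
            }
        }

        # Provider is usually an indirect %token% resolved through [Strings].
        $provider = $version['provider']
        if ($provider -match '^%(.+)%$') {
            $token = $Matches[1].Trim().ToLower()
            if ($strings.ContainsKey($token)) { $provider = $strings[$token] }
        }

        # The compiled .PNF shares the INF's base name (OEM1.inf -> OEM1.PNF).
        $pnf = [System.IO.Path]::ChangeExtension($inf.FullName, '.PNF')
        [PSCustomObject]@{
            Inf            = $inf.Name
            Provider       = $provider
            Class          = $version['class']
            MentionsVendor = $mentions
            PnfExists      = Test-Path -Path $pnf
        }
    }
}

# One row per OEM INF; the rows with MentionsVendor = True are the candidates.
Get-OemInfVendor | Sort-Object Inf | Format-Table -AutoSize
```

Reviewing the table before touching anything keeps the INF files of other vendors’ drivers out of the deletion step.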

 

  1. Also in the Windows folder, look for the TWAIN folder and the Twain_32 folder. You will double click on those folders and delete any folder that begins with brmf.

 

Only Twain_32 for me, I simply tossed the entire directory.

 

  1. Then open the “Registry” window by clicking on START , Run and type regedit and click OK .

 

Yes.

 


  1. From the left column, open the folder called HKEY_LOCAL_MACHINE , then the SOFTWARE folder.

 

Yes.

 

  1. From the SOFTWARE folder, delete the Brother Key.

 

Yes.

 

  1. Restart the Computer.

 

But once you do STEP 2 it wants to reboot. So, if you’re not careful, after doing STEP 2, you may reboot at this point, and then have to finish the remaining steps THEN REBOOT a second time.

 

I guess I could have mentioned this above eh? ;)

 

Here is the link to the actual document, I hope it works, it gave me a ton of difficulty :)

 

Document stored at <http://welcome.solutions.brother.com/BSC/public/us/ca/en/faq/faq/000000/002000/000040/faq002040_000.html?reg=us&c=ca&lang=en&prod=mfc210c_all&Cat=15>

 

 

To buy or not to buy, that is the question.

 

So, after all this you hope that you can now do a ‘clean’ reinstallation of the software without multiple drivers appearing all over. It’s too bad Brother doesn’t care about the quality of its documentation, only that it’s accurate enough that you can go to it. If they had clarified a couple of the terms they misused, in the first place, this may have alleviated a great deal of confusion, but I leave that determination to you. The manual is even worse reading and tends also to misinform you about the proper steps to fix or troubleshoot installations or broken installations.

 

Some people like very accurate information, others like very generalized information.  Some vary depending on the circumstance.  In any event it’s difficult to get the CORRECT information without some interpretation. 

 

If I was to review this product for its actual performance it would get very good marks. It goes through ink in ridiculous quantities but name a printer these days that doesn’t.

 

However the constant breaking of various components forcing uninstall/reinstalls is very annoying. Further discussion with Brother indicates this is very abnormal, but I have no way to compare this, except with my other 3 printers, none of which are Brother products and none of which have EVER had this problem. Of course only one of them also uses a network connection (HP); the rest are either USB or parallel. The other parallel is also connected to the network but it uses a custom driver to link the printer to the network over this cable.

At this point I don’t think we are going to continue with this product if a part fails again, that just may be the time we retire the unit.  Let’s hope it was a simple buggy driver product and we have gotten past this and will never have this occur again. 

 

P.S.  If you have any stories yourself on this product line I’d be glad to hear your input. 

Kaspersky Anti Virus V6 Beta – Impressions

By , July 5, 2006 13:55

Well everyone needs an antivirus solution don’t they?

 

No. I don’t believe everyone NEEDS one anymore. To be truly effective you will probably need two or three, but good luck running them all together. It’s not recommended, and you will probably have real issues.

As a consequence even software designers are realizing this and integrating their AV solution into a more comprehensive and complete solution, bringing other features that should not be part of a pure anti-virus solution.

 

Let me state some declarations for the security vendors out there who may read this.

First declaration.  We don’t want “vendor-specific” integrated solutions.  Period.  Anyone who thinks they do can email me directly or on the forums and we can discuss it. 

Second declaration. No AV/Security Vendor has a ‘good’ integrated solution let alone an ‘excellent’ one.

Third declaration. Stay out of endeavors unless you’re going to do them well.

Now even some AV products are moving into integrating other ‘features’ into their software.  Kaspersky v6 Beta is one of those.  This was supposed to be a pure Anti-Virus program but as I highlight it isn’t.

 

Since this is an article about my last 24 hours with this program I shall try not to pick on integrated solutions any more. 

Why I don’t believe you need AV products anymore?

Truthfully viruses are very very rare forms of malware these days. They are making a bit of a comeback but mostly as rebuilt worms or trojans. Worms and trojans are the big purveyors of nasty malware, and of course spam, phishing etc are even larger spreaders of the disease, BUT they are not viruses either.

 

So Anti-virus products simply waste resources and offer little to no actual protection?


Exactly. Almost none are capable of “true” real-time protection unless you are being infected with very old malware. However this is really where the value in Anti-virus software is. Typically the value comes into play only after you discover that you’re already infected. [1] Sure none of us like this, and we wish we would never get infected but it happens. Our AV solution typically works good to excellent at removing and cleaning ‘known’ infections. Sure, sometimes we need to do more than scan, quarantine, and delete, but our investment in the AV program should be able to assist at weeding out the ‘known’ malware and ensuring our data is clean.

Only in the know…

It doesn’t stop unknown viruses. Hence why you need to keep updating your software with new ‘signatures’ and additionally keep scanning your systems to keep up to date with what’s ‘known’.

Anti-virus software tends to be excellent at dealing with viruses, pretty good at trojans and worms, but ‘only’ if the signature is up to date. Besides nobody trades floppy disks much anymore so boot sector viruses are dying out as malware matures in new forms[2]. So the AV product typically cannot stop trojans or worms from moving around, unless it has detection signatures for them. But these definitely are acquired after the trojan or worm has typically run its course. Some worms have lifetimes in seconds. How do you detect it, report it, confirm it, publish it, add it, update it, scan it all in a few seconds? You can’t. You would be infected during that phase with no trigger from your AV software.

Since I don’t need to waste time and money getting little return on investment I choose not to install Anti-Virus tools. Regardless of the solution though remember, “true” real time protection comes at a cost to performance. On a home PC who wants to give up performance? On a gaming machine, no WAY you’re giving up performance. So don’t waste your time installing this software on these machines. There are better solutions.

Isn’t Kaspersky Anti-Virus v6 Beta different?

Yes. Kaspersky v6 Beta was downloaded as I have always heard good things about this company and they tend to get fairly favorable reviews. However most people hated v5 for a variety of reasons and I was led to believe (reading other reviews) that 6 was like a phoenix from the ashes type of release compared to v5. It wasn’t. It’s very like 5 and adds new features you may love, but I guess you won’t, I sure didn’t.

From the beginning

Well the MSI installer was the first strike against this product. I’m no fan of the MSI installer, it creates numerous difficulties at installing software, and there should NEVER be a PROBLEM installing software. If there is, you shouldn’t have released it with the problem.

 

I attempted the installer on Vista RC2 and it completely failed with no real error (unknown error, didn’t I just type this…). I then attempted to install this on an XP SP2 box I use that has ‘never’ seen an Anti-virus product before, and has been running for 6 months. This installed fine, requiring a reboot at the end. However it attempted to update during the install, and this simply caused a hangup of both the installer and Windows Explorer. I wasn’t impressed. The reason for this hanging will be clear in a minute.

 

After a successful reboot, the software came up and started flagging various DLLs mostly, with nice smallish yellow popups, and asking me what I wanted to do.  Folks, this is like many MANY other products out there, most are firewall solutions, but a few call themselves Anti-Virus solutions.  Now with all these packages the capabilities are morphing also.  It’s an application tracking program that shows hooks into system routines, accesses and injections and changes of course.  This can be a very powerful tool for ensuring you stay protected.  However this!?!?!? In an AV product?  Give me a break.  Someone forgot to tell these folks ‘I only want my AV software bothering me IF IT’S A VIRUS OR OTHER MALWARE!!!!!!!’, we do need to remind them.

Why is this a problem?

I expect my anti-virus tool to ‘detect’ viruses.  Not tell me every little thing going on inside my system.  If I wanted an effective tool for active malware discovery I would use a serious appliance built for that purpose.  Maybe the Anti-virus software guys and gals want to detect 0-days, something they never have done in the entire history of anti-virus tools.  Great lofty goal, but then they break trusted processes (detecting and removing viruses) with new features that can misplace trust, and then all bets are off.

So, question is.  Do I really want this level of protection?  Maybe. 


Do I want it from a trusted application like an anti-virus tool?

No, since they don’t know whether it’s malware or not, it asks you to make the decision.  I’m not sure if this would have an effect on scanning files against known attacks but I’m not about to either guess or take a chance.  Of course in my case I’m sure this is all innocent routine stuff, but it’s being treated inappropriately by Kaspersky so it’s possible one can make bad decisions.

 

Every little task generates this ‘alert window’ providing you only with:

 

A:  The classification of the alert;

B:  The location of the file causing the alert.

Then you have to make decisions as to:

C:  Whether to accept or deny it;

D:  Whether to make the above choice permanent, or just this time;

E:  Whether to simply trust this application to do what it wants, or not.

 

Let’s look at each of these in more detail.

 

A:  The classification is a single word.  “Invader”  “Downloader”  “Threat”.  You can click on it to go to http://www.viruslist.com and check the definition in the encyclopedia, but don’t waste your time.   The definition you probably already formed in your head is more accurate and descriptive.

 

B:  The location is helpful, but in no way assists in decision making.  Does the software ‘belong’ there?  Are there other files called this also?  What is the manufacturer’s version information from the file?  Do we have an MD5 or SHA hash to verify its integrity?  Is this an essential Windows file or not?  Is it a virus because my AV program displayed it to me?  Too many questions still and no definitive answers from the program that’s supposed to be definitive.

 

C:  Whether to accept or deny this activity.  How am I supposed to make an intelligent decision based on the little panic information I have received so far?  Honestly you can’t.  So you flip a coin.  However chances are something ‘legit’ was trying to do something and if you deny it, very likely the application will now no longer have any communication back to the system including the calls and threads it already created and will typically crash the application or worse the desktop, or sadly, the entire machine.  So, the default choice is to accept it.  Why bother me then?

 

D:  Now we have to make a choice that we will have to live with if we ever run this again.  Again same logic trail as C: above, so same conclusion.  Why bother me then?

 

E:  Should we just ‘trust’ this application to do what it wants? Now here’s the ‘stop annoying me’ choice, we can tell the program “look you annoying software, quit bugging me with popups and just trust the blasted application”.  Still we don’t know whether this is our photo gallery we wanted to start up to add some pictures from the weekend, or the latest worm/trojan file deletion tool.  But we can trust it and never hear from Kaspersky again. 

 

So the conclusion, this behavior from Kaspersky isn’t warranted or desired in an AV product because it doesn’t provide decent support.  It simply gives the user very powerful filtering capability which one can most simply avoid, and probably will.  This type of processing smacks of ‘host intrusion prevention systems (HIPS)’ but these are typically poor or overly complex applications.  Here with Kaspersky AV v6 Beta we have not overcome that hallmark.
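The questions item B asks of a flagged file (its hash, the manufacturer's version information, other files of the same name, whether it sits under the Windows directory) can be gathered in one pass, as in this added example, which is not part of the original review or of Kaspersky's product. The function name `Get-FlaggedFileContext` and its `SearchRoots` parameter are hypothetical; the example assumes PowerShell 4.0 or later on Windows and also reports the Authenticode signature, which the review does not mention.

```powershell
# Added example: gather the facts item B says the alert should have shown.
function Get-FlaggedFileContext {
    param(
        [Parameter(Mandatory = $true)][string]$Path,
        # Hypothetical parameter: where to look for other files with the same name.
        [string[]]$SearchRoots = @($env:SystemRoot, $env:ProgramFiles)
    )

    $file = Get-Item -LiteralPath $Path -ErrorAction Stop
    $hash = Get-FileHash -LiteralPath $file.FullName -Algorithm SHA256
    $sig  = Get-AuthenticodeSignature -LiteralPath $file.FullName

    # "Are there other files called this also?"
    $twins = @(Get-ChildItem -Path $SearchRoots -Filter $file.Name -File -Recurse -ErrorAction SilentlyContinue |
        Where-Object { $_.FullName -ne $file.FullName } |
        ForEach-Object { $_.FullName })

    # A path under %SystemRoot% is only a hint that the file ships with Windows;
    # the trailing backslash stops look-alike folders such as C:\WindowsOld matching.
    $winDir = $env:SystemRoot.TrimEnd('\') + '\'

    [pscustomobject]@{
        Path              = $file.FullName
        SHA256            = $hash.Hash
        CompanyName       = $file.VersionInfo.CompanyName
        FileVersion       = $file.VersionInfo.FileVersion
        OriginalFilename  = $file.VersionInfo.OriginalFilename
        SignatureStatus   = $sig.Status
        Signer            = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { $null }
        UnderWindowsDir   = $file.FullName.StartsWith($winDir, [System.StringComparison]::OrdinalIgnoreCase)
        SameNameElsewhere = $twins
    }
}

# Sample input chosen for the example: explorer.exe exists on every Windows install.
Get-FlaggedFileContext -Path (Join-Path $env:SystemRoot 'explorer.exe') | Format-List
```

The hash settles nothing by itself; it has to be compared against a value published by the vendor or taken from a known-good copy of the same version.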

 

The second contention I have with Kaspersky AV v6 Beta is that all the links direct one to a page to download the ‘trial version’ from, but with no way to activate the ‘trial version’.  The docs indicate that the activation tool (help -> activate) allows one to buy a license for this or activate later, or activate with a trial code.  Well the ‘trial version’ I downloaded from the ‘trial page’ does not have an ‘activate with trial code’ option.  So it’s either no updates or buy a license.  Well, let’s see how it does with its current database on my box that has never seen an anti-virus tool.  Aha, this is why my install hung up, it won’t allow the updater to update.  How silly.

 

Ok, I start the scan and I do like some of the options it provides like showing you all the exploits at the end of the scan.  I like this.  So, I run the scan, it estimates about two hours to scan everything (lots of partitions) and unbelievably it was done in just under two hours.  Very impressive.  Two little things I have seen before but they actually work as expected.  Wow.  It’s truly unfortunate that little else worked as great or made a positive lasting impression on me.

 

Remember, we scanned a box that has XP SP2 installed, patched on a semi-regular basis (I let it inform and download, but I install manually), with no firewall except Windows Firewall and no antivirus ever until Kaspersky v6 Beta was installed.  It has Office 2003 installed, runs Outlook as the mail client, has Perl installed, IRC runs constantly, and most web browsing is done from this box, including this report being initially typed on it.

 

After a full two hour scan of my box I found one ‘threat’ on my PC.  Oh, that’s darn good I say to myself.  Just one file.  Considering some of the PC’s people have brought to me that I’ve cleaned up, repaired and rebuilt over the years, typically finding unbelievable amounts of malware  or a simple single infection still resulting in numerous files found during a scan.  Just one file infected.  Must have contained it…

So what one did I have?  I clicked on the result and was shocked.  The result was ‘Not-a-virus:mirc-616.exe’.  I couldn’t believe this.  It was showing me a backup copy of MIRC from my last update.  Hey I use MIRC daily, and rely upon it.  I bought the tool so I’m licensed, and when it did an upgrade it created a backup first.  How intelligent. 

So why is Kaspersky bugging me about this innocent tool?

 

I guess someone could ‘run’ it and take advantage of the exploits to infect my box, so I deleted it afterwards.  Was it infected?  No.  Why does it flag me with a bunch of insignificant warnings when it’s harmless?  Why did it not say ‘look you should delete this old version or upgrade if this is the current version you are using’?  Because it’s not a patch management solution, nor is it an auditing solution.  So I cannot fathom why my Anti-Virus software is behaving like one. 

 

Maybe it’s trying to be more encompassing and deal with the latest threats, rootkits.   But then shouldn’t it promote itself as an anti-rootkit tool?   Well we all know that there isn’t any such thing (yes many are trying to build one, but nothing actually works in detection), even tools such as ‘Rootkit Revealer’ by F-secure simply tell you a bunch of stuff that may ‘look’ like a rootkit, but you’ll have to do much more system analysis to determine for real or not.

 

Let’s do some work

So, I figure I’ll wait and see if I can get the 30 day activation code to use this product, and check around to ensure I haven’t missed something in terms of getting the proper beta product.  In my travels I find this great RAR file I want to download.  Ok, Firefox causes numerous popups in Kaspersky as DLLs are loaded to process the download.  Ok, I get the download and click on open in my download window in Firefox, get more popups including AdobeIEsomethingorother.dll; I can’t see why it needs this and select deny.  Windows Explorer crashes.  Ooops.  Attempt to repeat, crashes again.  Turns out that the download window launches in explorer.exe space and any time it looks up how to handle extensions several DLLs are loaded for that purpose, including the AdobeIEsomethingorother.dll that I denied.  I wasn’t running IE or Adobe, but Windows Explorer (explorer.exe) required it during its initialization and denying it made it quite unstable.

 

Ok, this is not why I have security products installed on my machines.  I install them to:

 

A:  Improve the security of my systems, and improve my ability to do said;


B:  Improve the stability and reliability of my systems and the data that resides on them

C:  To protect and ensure the accuracy and validity and privacy of the data and software that resides on the machines.

 

If the software I’m installing/using interferes with ONE of those conditions it fails and gets removed.

 

Kaspersky failed on the first two accounts.  It did not improve my security, and it destabilized my system by halting processes in stream to pop up windows.  This regularly caused issues and in some cases failures, crashes or unrecoverable applications.  In one case it completely crashed my TCP/IP stack since the protocol doesn’t like waiting for responses.  As for the third I can say the installation/removal of the software did not adversely affect any system files.  It did not interfere with the accuracy of the files that resided, nor did it interfere with them (outside of the routine application issues).

 

I could not recommend this product since:

 

  1. It misleads the user about particular findings
  2. Activation was a major headache with no immediate solution attainable
  3. The product introduces so many additional points of failure that system stability could be a factor
  4. It wastes the user’s time with notices of things that are innocent; additionally, it doesn’t make notice of important things.
  5. Misuse of the tool by the user can render a machine or application useless.  Even to the point of crashing system kernel routines.

 

In my opinion this Anti-virus product is only 1/5th of its capabilities, and I was not seeking integrated solutions.  Since the AV portion does seem to work effectively it alerts you to non-virus files, which could cause one to delete something they use accidentally.


Installation Ranking: 3/5 – Using MSI and saying it installs on all windows but would not on Vista nor would it generate a decent error.  XP works fine.

Initial Setup and Patching: 1/5 – Unable to do anything except hang the machine attempting to make connections the program blocks.  Unable to rectify within test period, granted it was very short, so we give it a one.

Usability: 3/5 – Overall the program worked as we expected and did not cause issues or confusion when we asked it to do things.  It was not so clear when it prompted you with popups about app activity.

Dependability: 3/5 – Overall its engine scanned effectively and found all the planted malware on our test box.  Its discovery of non-malware as malware concerned me greatly about its ‘cry wolf’ potential.  I would not rely on results singularly by this software; I would have to confirm them with another more reliable package to ensure it is accurately determining valid malware, and not potential malware.

Overall score: 2.5/5 – Software adequate.  Price to purchase unrealistic to its abilities.  Certainly has potential as a combo AV-Application Watcher, but why?

I don’t want to have to second guess my results, my AV software shouldn’t either.  If it does then it no longer has any ability to do what AV software is supposed to do….detect.

 


[1]This happens as a result (typically) by being infected during the ‘unknown’ phase, and once the signatures were updated, you now ‘detect’ the infection running around doing whatever it wants until now.

[2]Traditionally you got viruses from copying files, usually from a floppy disk.  Over time as other file transfer methods developed, the ways for viruses to spread changed also.  However malware creators also realized that in order to get the virus around, they needed to figure out how to spread it.  Email, news, IRC protocols were used and the development of hiding viruses in (even legit) programs was developed, now commonly referred to as trojans or trojan horses.  Worms also are an effective spreader technology since their whole concept in life is to move around the internet.
